On regions and zones for event-clock automata

Abstract

Event clock automata (\(\mathsf{ECA}\)) are a model for timed languages that has been introduced by Alur, Fix and Henzinger as an alternative to timed automata, with better theoretical properties (for instance, \(\mathsf{ECA}\) are determinizable while timed automata are not). In this paper, we revisit and extend the theory of \(\mathsf{ECA}\). We first prove that no finite time abstract language equivalence exists for \(\mathsf{ECA}\), thereby disproving a claim in the original work on \(\mathsf{ECA}\). This means in particular that regions do not form a time abstract bisimulation. Nevertheless, we show that regions can still be used to build a finite automaton recognizing the untimed language of an \(\mathsf{ECA}\). Then, we extend the classical notions of zones and DBMs to let them handle event clocks instead of plain clocks (as in timed automata) by introducing event zones and Event DBMs (EDBMs). We discuss algorithms to handle event zones represented as EDBMs, as well as (semi-) algorithms based on EDBMs to decide language emptiness of \(\mathsf{ECA}\).

Acknowledgments

This work has been supported by the projects: (i) QUASIMODO (FP7- ICT-STREP-214755), Quasimodo: “Quantitative System Properties in Model-Driven-Design of Embedded”, http://www.quasimodo.aau.dk/, (ii) GASICS (ESF-EUROCORES LogiCCC), Gasics: “Games for Analysis and Synthesis of Interactive Computational Systems”, http://www.ulb.ac.be/di/gasics/, (iii) Moves: “Fundamental Issues in Modelling, Verification and Evolution of Software”, http://moves.vub.ac.be, a PAI program funded by the Federal Belgian Government and (iv) The European Union Seventh Framework Programme under Grant Agreement 601148 (Cassting), http://www.cassting-project.eu. Gilles Geeraerts has been supported by a ‘Crédit aux chercheurs’ from the Belgian FRS/F.N.R.S.

Appendix 1: Event-clock automata and timed automata

As stated in the introduction, \(\mathsf{ECA}\) have been introduced as an alternative to timed automata, for the specification of timed languages. The original work on \(\mathsf{ECA}\) [4] contains a thorough comparison of the expressiveness of these two models. For the sake of completeness, we recall here the most salient result: each \(\mathsf{ECA}\) can be transformed into a non-deterministic timed automaton that has the same language.

Timed automata. We first briefly recall the definition of timed automata, then present the construction.

We also require that, for each \(q\in Q\), \(\sigma \in \varSigma \), \(\delta \) is defined for a finite number of \(\psi \in \mathsf{Constr}\left( X\right) \).

A valuation of a set of clocks \(X\) is a function \(v:X\rightarrow \mathbb {R}^{\ge 0}\). We denote by \({\fancyscript{V}}\left( X\right) \) the set of valuations of \(X\). For a valuation \(v\), and a time delay \(t\in \mathbb {R}^{\ge 0}\), we denote by \(v+t\) the valuation s.t. \((v+t)(x)=v(x)+t\) for all \(x\). An extended state (or simply a state) of a \(\mathsf{TA}\) with set of locations \(Q\) and set of clocks \(X\) is a pair \((q,v)\) s.t. \(q\in Q\) and \(v\) is a valuation of the clocks in \(X\). As for \(\mathsf{ECA}\), we define the semantics of timed automata by means of a transition system. We associate to a \(\mathsf{TA}\) \(B=\left\langle Q, Q_i, \varSigma , X, \delta , \alpha \right\rangle \) the infinite transition system \(\mathsf{TS}_{B}=\left\langle Q^B, Q_i^B, \rightarrow , \alpha ^B\right\rangle \), where:

(1) \(Q^B=Q\times {\fancyscript{V}}\left( X\right) \) is the set of extended states of \(B\),

Intuitively, this means that, on all edges \((q,a,\psi ,r,q')\), \(\psi \) is a guard that must be satisfied by the current valuation of the clocks in order to fire the edge, and that \(r\) is the set of clocks that must be reset when firing the edge. We adapt to \(\mathsf{TA}\) the notions of run and language previously defined for \(\mathsf{ECA}\), as expected.
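The transition-system semantics just recalled (time elapsing on valuations, guards checked before an edge fires, clocks in \(r\) reset afterwards, non-determinism resolved over runs), as an added executable illustration. This is constructed example code, not code from the paper: the representation of locations, guards and edges is assumed here, and the automaton `example_ta` accepts the language of Fig. 11 using a single clock `x_b` in the history-clock style rather than the prophecy-guessing \(\mathsf{TA}\) \(B\) of the figure.

```python
"""Semantics of a timed automaton (TA) as a transition system, written as an
added illustration; this is constructed example code, not the paper's.

Assumed representation: locations are strings, a clock valuation v is a dict
clock -> Fraction, a guard psi is a list of atoms (clock, op, c) read as a
conjunction, and an edge is (q, a, psi, r, q') with r the set of clocks reset.
"""
from fractions import Fraction

OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}


def satisfies(v, psi):
    """v |= psi, psi being a conjunction of atomic clock constraints."""
    return all(OPS[op](v[x], c) for (x, op, c) in psi)


def delay(v, t):
    """The valuation v + t, with (v + t)(x) = v(x) + t for every clock x."""
    return {x: val + t for x, val in v.items()}


def reset(v, r):
    """The valuation obtained from v by setting every clock of r to 0."""
    return {x: (Fraction(0) if x in r else val) for x, val in v.items()}


class TimedAutomaton:
    """B = <Q, Q_i, Sigma, X, delta, alpha>; delta is given as a list of edges."""

    def __init__(self, locations, initial, alphabet, clocks, edges, accepting):
        self.locations, self.initial, self.alphabet = locations, initial, alphabet
        self.clocks, self.edges, self.accepting = clocks, edges, accepting

    def accepts(self, timed_word):
        """Run TS_B on a timed word [(a_1, t_1), (a_2, t_2), ...].

        Non-determinism is handled by tracking the set of extended states
        (q, v) reachable after each letter; the word is accepted iff some
        state reached after the last letter has an accepting location."""
        zero = {x: Fraction(0) for x in self.clocks}
        states = {(q, frozenset(zero.items())) for q in self.initial}
        now = Fraction(0)
        for (letter, stamp) in timed_word:
            stamp = Fraction(stamp)
            if stamp < now:
                raise ValueError("timestamps must be non-decreasing")
            successors = set()
            for (q, frozen) in states:
                v = delay(dict(frozen), stamp - now)  # let time elapse first
                for (src, a, psi, r, dst) in self.edges:
                    # discrete step: guard checked on v, then clocks of r reset
                    if src == q and a == letter and satisfies(v, psi):
                        successors.add((dst, frozenset(reset(v, r).items())))
            states, now = successors, stamp
            if not states:
                return False
        return any(q in self.accepting for (q, _) in states)


def example_ta():
    """A TA for the language of Fig. 11, { (b, t1)(a, t2) | t2 - t1 in [2, 3] },
    written directly with a history-style clock x_b (reset when b is read and
    checked when a is read). Constructed automaton, not the B of the figure,
    which encodes the same language through prophecy guesses."""
    return TimedAutomaton(
        locations={"q0", "q1", "q2"}, initial={"q0"}, alphabet={"a", "b"},
        clocks={"x_b"},
        edges=[
            ("q0", "b", [], {"x_b"}, "q1"),
            ("q1", "a", [("x_b", ">=", 2), ("x_b", "<=", 3)], set(), "q2"),
        ],
        accepting={"q2"},
    )
```

Rational timestamps are kept exact with `Fraction`, so a boundary case such as \(t_2-t_1=3\) is decided correctly instead of depending on floating-point rounding; a word is rejected as soon as the set of reachable extended states becomes empty.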

From \(\mathsf{ECA}\) to \(\mathsf{TA}\). Let us now recall the construction of [4] to translate an \(\mathsf{ECA}\) \(A\) into a \(\mathsf{TA}\) \(B\) that has the same accepted language. In order to apply the construction, we need to slightly modify the syntax of the guards in the \(\mathsf{ECA}\). A non-punctual event-clock constraint is an event-clock constraint where the only atomic event-clock constraints containing an equality are of the form \(x=\bot \) (thus constraints of the form \(x=c\) with \(c\in \mathbb {N}\) are disallowed). Remark that each event-clock constraint can be turned into an equivalent non-punctual one by substituting \(x\ge c\wedge x\le c\) for each \(x=c\), and \(x>c\vee x<c\) for each \(x\ne c\). For any event-clock constraint \(\psi \), we denote by \(\mathsf{PConstr}\left( \psi \right) \) (resp. \(\mathsf{HConstr}\left( \psi \right) \)) the set of all atomic event clock constraints that \((i)\) occur in \(\psi \) and \((ii)\) range over a prophecy (resp. history) clock. Let \(A=\left\langle Q^A,q_i^A,\varSigma ,C,\delta ^A,\alpha ^A\right\rangle \) be an \(\mathsf{ECA}\). By abuse of notation, we let:

That is, \(\mathsf{PConstr}\left( A\right) \) is the set of all atomic event clock constraints that appear on the edges of \(A\) and that constrain prophecy clocks, plus all the constraints of the form \(\overrightarrow{x_{a}}=\bot \). It is easy to see that:

We are now ready to give the construction of the \(\mathsf{TA}\) that accepts the same language as the \(\mathsf{ECA}\) \(A\). The prophecy clocks will be encoded using non-determinism: in the \(\mathsf{TA}\), a guess is made on the values of the prophecy clocks, which will be checked when the corresponding event occurs. We assume that all guards in \(A\) are non-punctual, and contain neither disjunctions nor negations. As a result, all atomic event-clock constraints occurring in \(A\) are of one of the following forms: \(x\le c\), \(x<c\), \(x\ge c\), \(x>c\) or \(x=\bot \). Then, the corresponding \(\mathsf{TA}\) is \(B=\left\langle Q^B, Q_i^B, \varSigma , X^B, \delta ^B, \alpha ^B\right\rangle \) where:

(1) \(Q^B=Q^A\times 2^{\mathsf{PConstr}\left( A\right) }\times {\fancyscript{F}}(\varSigma )\), where \({\fancyscript{F}}(\varSigma )\) is the set of all Boolean functions \(f:\varSigma \mapsto \{\mathsf{true},\mathsf{false}\}\). That is, each location of \(B\) is a triple \((q, \varPhi , \mathsf{bot})\), where \(q\) is a location of \(A\), \(\varPhi \) is a set of atomic event-clock constraints on the prophecy clocks of \(A\) that need to be fulfilled and, for all letters \(a\in \varSigma \), \(\mathsf{bot}\left( a\right) \) indicates whether \(\overleftarrow{x_{a}}\) equals \(\bot \) in the original \(\mathsf{ECA}\).

\(X^B=\{z_\varphi \mid \varphi \in \mathsf{PConstr}\left( A\right) \}\cup \{x_a\mid \overleftarrow{x_{a}}\in C\}\), i.e., \(B\) contains one clock \(z_\varphi \) per atomic clock constraint \(\varphi \) on a prophecy clock of \(A\), and one clock \(x_a\) per letter of the alphabet (as we will see, \(x_a\) will be used to track the value of the corresponding history clock \(\overleftarrow{x_{a}}\) in \(A\)).
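The preprocessing that the construction assumes, namely rewriting guards into non-punctual form and splitting their atoms into \(\mathsf{PConstr}\) and \(\mathsf{HConstr}\), together with the set \(\mathsf{PConstr}\left( A\right) \) that indexes the clocks \(z_\varphi \) of \(X^B\), as an added worked example. This is constructed code, not the paper's or [4]'s: the tuple encoding of constraints and of event clocks is assumed here, \(\bot \) is represented by `None`, and the functions `non_punctual`, `atoms`, `pconstr`, `hconstr` and `pconstr_of_automaton` are names chosen for this illustration.

```python
"""Non-punctual normalization and the PConstr / HConstr partition of
event-clock constraints (added example, not the paper's code).

Assumed encoding: an event clock is a pair (kind, letter), kind being
"history" (x_a with a left arrow) or "prophecy" (x_a with a right arrow);
the value bottom is None. A constraint is a nested tuple:
  ("atom", clock, op, c)  op in {"<", "<=", ">", ">=", "=", "!="}, c int or None
  ("and", phi, psi) / ("or", phi, psi) / ("not", phi)
"""

BOT = None


def clock(kind, letter):
    assert kind in ("history", "prophecy")
    return (kind, letter)


def atom(x, op, c):
    return ("atom", x, op, c)


def non_punctual(phi):
    """Rewrite x = c into (x >= c and x <= c) and x != c into (x > c or x < c)
    for integer c. Atoms comparing with bottom (x = bot) are the only equalities
    a non-punctual constraint may keep, so they are left untouched."""
    tag = phi[0]
    if tag == "atom":
        _, x, op, c = phi
        if c is BOT or op not in ("=", "!="):
            return phi
        if op == "=":
            return ("and", atom(x, ">=", c), atom(x, "<=", c))
        return ("or", atom(x, ">", c), atom(x, "<", c))
    if tag == "not":
        return ("not", non_punctual(phi[1]))
    return (tag, non_punctual(phi[1]), non_punctual(phi[2]))


def is_non_punctual(phi):
    return all(a[3] is BOT or a[2] not in ("=", "!=") for a in atoms(phi))


def atoms(phi):
    """The set of atomic constraints occurring in phi."""
    if phi[0] == "atom":
        return {phi}
    if phi[0] == "not":
        return atoms(phi[1])
    return atoms(phi[1]) | atoms(phi[2])


def pconstr(phi):
    """PConstr(phi): atoms of phi ranging over a prophecy clock."""
    return {a for a in atoms(phi) if a[1][0] == "prophecy"}


def hconstr(phi):
    """HConstr(phi): atoms of phi ranging over a history clock."""
    return {a for a in atoms(phi) if a[1][0] == "history"}


def pconstr_of_automaton(edges, alphabet):
    """PConstr(A) for an ECA whose edges are (q, a, guard, q'): the prophecy
    atoms on the edges of A, plus the atom ->x_a = bot for every letter a
    (the guess that no further a will be read). One clock z_phi per element
    of this set is what the construction puts into X^B."""
    result = set()
    for (_q, _a, guard, _q2) in edges:
        result |= pconstr(guard)
    for a in alphabet:
        result.add(atom(clock("prophecy", a), "=", BOT))
    return result
```

Applying `non_punctual` before `pconstr_of_automaton` matters: a punctual atom \(x=c\) would otherwise contribute a single clock \(z_{x=c}\), whereas the construction expects the two clocks \(z_{x\ge c}\) and \(z_{x\le c}\) that the rewritten guard yields.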

To illustrate this rather technical construction, we consider the example given in Fig. 11. The \(\mathsf{ECA}\) \(A\) (top of the figure) accepts all timed words of the form \((\mathtt {b}, t_1), (\mathtt {a}, t_2)\) s.t. \(t_2-t_1\in [2,3]\). The \(\mathsf{TA}\) \(B\) (bottom of the figure) has been obtained from \(A\) by applying the above construction. In the figure, each \(B\) state \((q,\varPhi ,\mathsf{bot})\) is drawn with \(q\) at the top, the set \(\varPhi \) in the middle and the pair of values \(\mathsf{bot}\left( \mathtt {a}\right) ,\mathsf{bot}\left( \mathtt {b}\right) \) at the bottom. On the edges, an expression of the form \(x:=0\) means that \(x\) is reset by the edge. As can be seen in this example, in each \(B\) state \((q,\varPhi ,\mathsf{bot})\), the set \(\varPhi \) contains guesses on constraints on the prophecy clocks of \(A\) that should be fulfilled—this explains the \(\subseteq \) symbol in the definition of item (4e). \(B\) can move from \((q,\varPhi ,\mathsf{bot})\) to \((q',\varPhi ',\mathsf{bot}')\) iff there is, in \(A\), a corresponding edge from \(q\) to \(q'\), s.t. the set of constraints \(\varPhi '\) is updated so that it contains all constraints ranging on prophecy clocks that appear in the guard \(\chi \) of the edge. For instance, all successors of \(q_2'\) are of the form \((q_2, \varPhi , \mathsf{bot})\) with \((\overrightarrow{x_\mathtt{a}}\le 3)\in \varPhi \), as all these successors are obtained thanks to the edge from \(q_1\) to \(q_2\), whose guard is \((\overrightarrow{x_\mathtt{a}}\le 3)\). Remark however that \(q_2'\) has several successors, as the \(\mathsf{TA}\) \(B\) guesses a set of constraints on the prophecy clocks that should be fulfilled. For instance, when moving from \(q_2'\) to \(q_8'\), the \(\mathsf{TA}\) guesses that \(\overrightarrow{x_\mathtt{b}}=\bot \), i.e., that no more b’s will be read, but when going from \(q_2'\) to \(q_6'\), it guesses otherwise.

In order to be able to check that the constraints in \(\varPhi \) hold, a clock \(z_\varphi \) is reset every time an edge is crossed whose guard implies that the constraint \(\varphi \) should hold. For instance, the clock \(z_{\overrightarrow{x_\mathtt{a}}\le 3}\) is reset on every outgoing edge of \(q_2'\). Then, the values of those clocks are checked when the corresponding letter is read. For instance, when going from \(q_8'\) to \(q_{14}'\), one has to check that \(z_{\overrightarrow{x_\mathtt{a}}\le 3}\le 3\), as the edge is labelled by \(\mathtt{a}\), and the constraint \(\overrightarrow{x_\mathtt{a}}\le 3\) occurs in \(q_8'\). To sum up, prophecies in the \(\mathsf{ECA}\) \(A\) are replaced by non-determinism in the \(\mathsf{TA}\) \(B\), while remembering the constraints that have to be fulfilled in each state, and using one clock per constraint to check that it holds. History clocks are handled straightforwardly by resetting a clock \(x_a\) every time an \(a\)-labeled edge is crossed (and relying on the value of \(\mathsf{bot}(a)\) that is stored in each state to remember whether the corresponding history clock \(\overleftarrow{x_{a}}\) is equal to \(\bot \) or not).

Fig. 11 An \(\mathsf{ECA}\) \(A\) (top) and its corresponding \(\mathsf{TA}\) \(B\) (bottom), with \(\mathsf {L}(A)=\mathsf {L}(B)\). In \(B\), only the states that are reachable from the initial state are shown.